2015 Enterprise Dev Predictions, Part I: Promise and Peril Ahead


The coming year offers both promise and peril for enterprise software developers -- which, of course, is something you can say about every year (every month, for that matter). But I always think it's worth taking a moment during this first week of the New Year to talk with industry watchers about what might lie ahead during this particular orbit around the Sun.  

Forrester analyst Jeffrey S. Hammond got out his scarily accurate crystal ball for a quick gaze into 2015. He told me via email that, among other things, he sees the pressure growing on mobile and Internet-of-Things (IoT) developers to "go native and specialize" because of the quickly separating ecosystems of Google, Apple, and to a lesser extent, Microsoft.

"Whether it's smart watches, home automation or vehicle integration," Hammond said, "the challenge for devs will be to plug into mobile devices and the ecosystems of connected products that are designed to work with them without having to write (and maintain) the same functions in multiple code bases."

He also expects "framework pain" in the JavaScript space to worsen, even as adoption of the popular dynamic scripter grows. "There's a fair amount of angst in the JavaScript space about which frameworks companies should use," he said, "and which ones will be 'long-term bets.'" He notes that the team behind Google's AngularJS open source Web application framework "threw a lot of folks for a loop" when they announced that AngularJS 2.0 would be a significant departure from 1.x with no migration path and a focus on a new language (called AtScript). Also, the NodeJS fork in November (IO.js) "has folks concerned." He doesn't believe that these developments will stall the adoption of JavaScript, but they will continue to prompt devs to look for "a better way."

And then there are the micro-service architectures: "Figuring out how to do things 'the Netflix way' will force developers to come to grips with technologies like Docker, Kubernetes, and the AWS EC2 Container Service, as well as lighter-weight runtimes like Node," he said. He also believes that the move to micro-services will amp up the pressure on Microsoft and Oracle to "slim-down" the .NET and Java VMs to decrease their footprint.

I also connected with Jonas Bonér, CTO and co-founder of Typesafe, the company behind Scala, the general purpose, multi-paradigm language that runs on the Java Virtual Machine (JVM), and Akka, the open-source run-time toolkit for concurrency and scalability on the JVM.

Bonér also expects container-based infrastructures, which really took off in 2014, to continue to make life easier for the devs who adopt them. The technologies he sees driving this trend include Docker, Apache Mesos, Google Kubernetes, and CoreOS.

"The floodgates have really opened in terms of moving away from server-based JEE and .NET 'old stack' models to more service simplicity, single-responsibility, composable and isolated approaches for service design," he said. "We see this trend continuing to pick up momentum in 2015 as the industry debates about the ideal size and behavior of services in the new world of applications that need to run across multiple cores."

Java 8 was the "game changer" for developers last year, Bonér observed, and he expects that impact to continue as adoption spreads in 2015—with at least one interesting side effect. "When the 800 pound gorilla (Oracle / Java) endorsed new abstractions like Lambdas, Streams, and CompletableFuture to allow more functional style programming, it really set the wheels in motion for new ways of thinking about writing asynchronous and concurrent systems," he said, "and it opened a lot of mainstream Java developers' eyes to a range of other languages and possibilities."

Big data and how developers should be dealing with it dominated many conversations in 2014. Bonér expects that conversation to continue, but with a different emphasis.

"We're seeing the discussion around big data moving away from size and more towards velocity," he said. "Call it Fast Data. Speed is the hardest problem to solve—getting in-memory cached, real-time processing of data. When analysis needs to be done on the fly, on live data streams, with real-time feedback to systems, there are a host of major challenges. We think Fast Data will be the rallying cry for big data developers in 2015, and there is a lot of symbiosis between new Reactive Programming models and the challenges of achieving Fast Data."

Martijn Verburg, CEO of jClarity, a startup focused on automating optimization for Java and JVM-related technologies, and co-leader of the London Java Users Group, cited a "wave of new practices and technologies" that will challenge leading-edge developers this year, including: the move to rich JavaScript/HTML5 clients, made possible by advanced JavaScript frameworks such as AngularJS; reactive/dataflow-based architectures; and virtualization and DevOps.

The move to rich JavaScript/HTML5 clients is one that is "still fraught with difficulties," he said, "because the tool chain and testing suites around this brave front end (often mobile) world are simply not anywhere near as good as what the .NET or Java folks in particular are used to. I've seen much evidence of larger development shops simply not having the expertise to cope and many developers being torn out of their comfort zones."

The demands of reactive/dataflow-based architectures are also going to push developers out of their comfort zones, Verburg said. "Software projects are increasingly about shipping and transforming large amounts of data," he said. "Even within enterprises where the number of end users tends to be smaller, you have larger, richer data sets to deal with. The old three-tier 'straight to the data store' architectures no longer can support the scalability needs. Reactive and functional thinking is a huge challenge for traditional enterprise developers; it's a whole new (well actually old, but reinvented) way of thinking and architecting software. I see many developers struggling with the concepts and a lack of visualization tools around reactive programming and data flow makes it even trickier."

Verburg also expects devs to feel a new pressure to fully understand DevOps and virtualization, "or be left scratching their heads when their apps fail miserably in their private or public cloud deployments."

I'll have more 2015 prognostication from the savvy and the insightful later this week.

Posted by John K. Waters on 01/07/2015 at 2:56 PM

Jelastic Hires 'Father of Java' Gosling and Brazil's Souza

James Gosling, whom we all know as the Father of Java, and Brazilian Java community leader Bruno F. Souza, whom the community knows as "the Brazilian Javaman," have joined the platform development advisory team of Java/PHP Platform-as-a-Service provider Jelastic, the company announced this week.

Gosling will join as an independent director, and Souza will become an official advisor.

The Palo Alto, Calif.-based Jelastic, which was founded in 2010 by Hivetext, a Zhytomyr, Ukraine-based startup focused on Java application development in the cloud, bills itself as the only cloud company whose underlying platform is Java, and CEO Ruslan Synytsky says having such prominent Java figures contributing their expertise will give the company "even more in-depth coverage and analysis of Java features on our always transforming and improving platform."

Gosling and Souza are the most recent additions to the company's growing list of advisors. Jelastic first announced the creation of an advisory group to help with the development of its PaaS product in 2011. That group currently includes Rasmus Lerdorf (creator of the PHP language); Mark Zbikowski (former Microsoft Architect); Serguei Beloussov (Parallels founder); Monty Widenius (founder of MySQL and MariaDB); Igor Sysoev (founder of NGINX); and David Blevins (founder of Apache TomEE, OpenEJB, and Geronimo).

Without a doubt, this is a big "get" for Jelastic. Gosling, a former Fellow at Sun Microsystems, is credited with inventing the Java programming language in 1994 (though Silicon Valley entrepreneur and former Sun product manager Kim Polese gets the credit for naming it). Gosling briefly joined Oracle after the database giant acquired Sun in 2010, left to work at Google for a while, and now serves as chief software architect at Liquid Robotics, a very cool company that makes "autonomous, ocean going platforms," including the Wave Glider, which is used for research.

Souza is a former president of SouJava, a Brazil-based Java User Group (JUG), and was one of the initiators of the Apache Harmony project to create a non-proprietary Java virtual machine. SouJava filled the vacancy left by the Apache Software Foundation (ASF) on the Java Community Process Executive Committee (EC) in 2011. That vacancy, readers will recall, was created when the ASF decided to quit the EC. The non-profit organization behind more than 100 open-source projects had been threatening to leave the organization for some time. When the JCP executive committee voted to approve Java SE 7, which the ASF opposed, the group walked.

The São Paulo-based SouJava was the first JUG to join the JCP, and it claims tens of thousands of members, for which it hosts activities in several cities around the country. Souza represented the organization on the EC. Souza is also a member of the Open Source Initiative (OSI) and an outspoken proponent of open source.

Souza gushed about Jelastic in a statement: "Throughout my career, I have been promoting freedom and choice for developers," he said. "Jelastic has a unique business model, that promotes choice. Jelastic philosophy changed the way I look into cloud infrastructure. Jelastic's Java-based implementation shows the power of Java technology. Giving developers the freedom to leave gives us the confidence to choose to stay. This is the power of the Java ecosystem. The power of choice. I'm very happy to be more directly involved in the future of Jelastic. This is an amazing opportunity to help bring more freedom and choice for developers worldwide."

Jelastic gushed about their newest advisors, promising to use their souped-up advisory group over the next year "to influence Java development to make it even more dynamic, by eventually implementing the ability to reload all configurations/settings such as Xmx on the fly, without the need to restart an application/JVM, to bring/adapt desktop applications to the cloud."

And Gosling, who, in my experience, is not given to gushing, came pretty close in his statement: "Configuring cloud infrastructures is fun the first time you do it. But it doesn't take too long before it becomes a tedious time sink," said James Gosling. "And, if you have the misfortune of being a software developer that has to fight it out with an IT organization, who usually wants consistency, control and visibility, you find that you're always fighting with them. Jelastic solves all of that. Easy configuration tools for developers, management tools for IT. Peace and productivity. I love it."

Posted by John K. Waters on 11/19/2014 at 11:56 AM

Is There a 'Masterpiece' Among Modern Applications?

Forrester Research analysts have been talking about "modern applications," a term they more or less coined, for a couple of years now. One of the clearest definitions of a modern app comes from application development and delivery specialist Jeffrey S. Hammond, who listed the qualities of a modern app in a 2013 blog post.

According to Hammond, a modern application is designed to work across a range of devices, from smartphones to desktops (not to mention your car and toaster). They react to multiple modes of input, including voice, touch, and the good old mouse. They're highly elastic and "take advantage of cloud economics." They use open source software. They're API-oriented, built on open web techniques, and use REST, XML, and JSON "to make it easy for all types of devices and clients to easily consume data." They're also responsive, organic, and contextual. (It's well worth reading the whole post.)

Increasingly, the source for this modern species of app is non-traditional developers, he said during a recent panel discussion among in-the-trenches coders.

"Sometimes I feel like I'm living in two completely different markets these days," Hammond said. "There's the market of the traditional IT developer, where we have conversations about whether they're a .NET or Java shop, and whether they're going to release two times this year or three, and how many millions of lines of code they're writing for the middleware they're building on top of these app servers.

"And then there are the outside-the-firewall developers who are releasing every couple of weeks, using technologies like JavaScript, Go, and Scala; who are putting all their stuff up on [Microsoft] Azure or the Amazon public cloud or Google's public cloud infrastructure; who are even sometimes embedded inside the businesses, as opposed to a centralized IT organization. If you see that happen often enough, it begins to look like a real sea change in the way developers relate to the business, the way they drive the business, and their cultural practices."

Hammond moderated the panel, which was held last month at Telerik's Silicon Valley headquarters in Palo Alto. It featured representatives from Telerik partner organizations who are facing the challenge of bridging the two worlds Hammond described. In keeping with the theme of the event ("Coding Tomorrow's Masterpieces"), Hammond asked the panelists for examples of modern apps they considered to be masterpieces.

Thomas Stein, computer systems manager in the Department of Earth and Planetary Sciences at Washington University in St. Louis, who works in the school's NASA laboratory, pointed to Uber as a modern masterpiece, calling it "an amazing piece of work."

"I've hated the taxi experience my entire life," he said. "Uber puts me in direct contact with the driver, separating out the awkwardness of payment and tipping and all of that, and just really focusing on making me comfortable, giving me what I want, and getting me where I need to be -- with the mobile device as the touchpoint. It's not just the business model; the application is brilliant. I know it's not simple underneath, of course, but it feels simple from the top, and that's essential in a masterpiece."

For Chuck Ganapathi, founder and CEO of Tactile, which makes a mobile CRM app called Tact, it was DropBox. (It was actually his org's app, but they made him name another.)

"To me, a modern software masterpiece is something the users just fall in love with, because it does something simply and it just works," he said. "DropBox has that kind of feel. Suddenly, you have this file that you drop onto your computer and it magically appears on your computer at work."

Krupa Rocks, senior manager in the Clinical Data Systems group at St. Jude Medical, Inc. (not the hospital, but the medical device company), cited Google's driverless car, because it exemplifies the coming tight integrations of hardware and software.

"People don't know how to drive," she said. "Computers can do a better job. If Google can really provide a self-driving car, that would definitely be a masterpiece."

Todd Anglin, executive vice president of Telerik's Cross Platform Tools group, pointed out that modern software masterpieces are being created all the time that most people never see. "Consumer apps get all the attention," he said, "but there are masterpieces out there that never make it to the app store. Working with our customers, we get to see the apps that make business go and help people get their jobs done. When I look at those kinds of applications, it's really clear to me that a software masterpiece is something that evolves over time. That's one of the things that makes it modern."

Not surprisingly, Anglin also argued that modern application development is more dependent than ever on the evolving capabilities of modern tools. (His company is all about the dev tools.)

"We assume now a certain starting point," he said, "and tools are what get us there. They give teams the space to really think about how to define an application elegantly, rather than just 'how do I make this thing work?'"

Long Le, principal and App/Dev Architect at real estate services firm CB Richard Ellis (CBRE), agreed with Anglin. "Picking the right tools at every stage of your ALM process is super important to how fast you can get [the software] out there," he said, "especially if you have limited resources."

Ganapathi added that, for modern apps especially, analytics capabilities that help developers truly understand end users have become critical. "Today, it's all about being very iterative in your development and constantly re-tuning that on a day-to-day basis," he said. "You put something out there, and then observe the data to see how people are actually using it, and then you respond to that. And you don't rely on what they're telling you in user interviews, which is so often very different."

He also pointed to the growing importance of designers in modern app development. "As developers, we've always said to designers, we'll develop it, you just make it look pretty," he said. "That's so wrong! Everybody expects phenomenal design today. If you don't have great designers -- especially when you're thinking about modern mobile apps, let alone creating a masterpiece -- you're screwed."

Rocks added that in her organization, automated testing tools have become fundamental to fast solution delivery. "Developers aren't the best testers," she said. "So testing would become a bottleneck for us without those tools." She also agreed that designers have become essential to the process. "Users may not know what they want," she said, "but they know what they don't want."

Hammond noted that the emergence of such new tools as Grunt and the enormously popular Git could be evidence that classic IDEs, such as Visual Studio and Eclipse, aren't as useful for modern application development. He also suggested that the modern application space has birthed "a new humility" among developers.

The panelists also agreed that modern apps are increasingly being built by those non-traditional developers Hammond mentioned, people with a wide range of skills, from software engineers with computer science degrees to "not developers" in the sales department who rely heavily on tools and frameworks.

And they might even come up with a few masterpieces.

Posted by John K. Waters on 11/12/2014 at 11:14 AM

Oracle v. Google at the Supreme Court: Industry Watchers Weigh In

Google has petitioned the U.S. Supreme Court to hear its argument against Oracle's now four-year-old claim that 37 Java APIs used in the Android OS violated copyright (details in this report). It's an important question, and in my opinion, one worthy of the high court.

Google's decision wasn't a surprise to Forrester analyst John R. Rymer, who told me he expected the search engine giant to take its case all the way to the Supreme Court if it received an unfavorable ruling at the appellate level. He added that he has noticed "zero impact" on the Java community over the past four years from this "vendor drama."

"If Google wins, the status quo prevails; if Oracle wins, then Google will either have to strip out Oracle-patented IP or pay Oracle for the right to use its IP," he said. "In the latter case, Google will 'own a piece of Android,' a nice position given that Java ME is a nonstarter among smartphone and tablet OSs."

Martijn Verburg, CEO of jClarity, a startup focused on automating optimization for Java and JVM-related technologies, and co-leader of the London Java Users' Group, is also sanguine about the effect of the rulings on the Java community so far.

"I don't think the current ruling was all that bad for the industry," he said in an e-mail. "Although there's a fair amount of FUD about the decision, you can still copy or use appropriately OSS-licensed APIs, which constitute the vast majority of the Java ecosystem, and there's still a strong argument that most folks will be okay under the Fair Use clause (for example, Mono) or the lesser-known 'It's such a small portion of the API, which is okay as well' clause, which would cover a lot of individual developers who are just copying a handful of APIs here and there."

Verburg also believes that there's a general consensus in the Java community that Oracle should come out on top in this dispute. "Java developers in general are (grudgingly in some cases) pretty happy with the way Oracle is treating Java," he said, "even if they've mistreated other OSS communities that they took over from Sun."

The last time I talked with Wayne Citrin, CTO of NetBridge, about this lawsuit, he argued that it would be best for Java -- and Oracle -- if Google wins. He hasn't changed his opinion. "The more people with the opportunity to use Java, in more contexts, can only be good for Java (and, by extension, good for Oracle)," he said. "I can see Oracle's interest in protecting Java from undesirable branching, but I really don't see that as a problem here. If Oracle wins, I see something of the opposite happening. Restricting the breadth of use of Java can't be good for the Java community (and, by extension, for Oracle)."

Citrin added that, although the stakes are highest for the Android community in this case, the wider Java community isn't likely to feel much of an impact, whatever the decision. He said he hasn't noticed any negative effects from the rulings so far. "Maybe that's because most of the Java runtimes that are being used either come from Oracle or come from companies who have gotten their ducks in a row and are okay with Oracle," he said.

A final ruling in Oracle's favor would trouble Miko Matsumura. Now vice president of Developer Relations at Hazelcast, Matsumura has been watching the Java space since he served as chief Java evangelist at Sun Microsystems in the late '90s. He agrees that there might be value in protecting some APIs with explicit licensing terms, but he sees merit in Google's argument about stifled innovation.

"The software industry today has been a thriving wellspring of innovation and competition based on [Bill Gates'] 'embrace and extend' and [Sun CEO Scott McNealy's] 'open interfaces, compete on implementation.' The inherent danger in siding with Oracle on this is that it creates a huge liability on existing software that would stifle creativity and innovation and shift billions of dollars away from software engineering towards software IP litigation."

IDC analyst Al Hilwa believes that copyright protection of 95 years (which was established by Congress for corporate authorship in 1998) is far too long. But he's not so sure about the argument that copyrights stifle technology innovation. "I think there is always a tension between unadorned innovation and breaking the rules," he said, "and we are always navigating this tension. If we could share everything without patents or copyrights, no doubt things would move faster, but there has to be a balance, and the sheer velocity of innovation is not always an absolute value held by everyone. It is up to the courts to navigate this balance."

Given the times we live in, the long "vendor drama" has seemed a strange affair to Dana Gardner, principal analyst at Interarbor Solutions.

"At a time when there's clamor for the removal, or at least reform, of patents on software, it's ironic and archaic that copyright is being invoked to keep open source software code under long-term commercial control," Gardner said. "Seeing as Java was touted as 'open source' under Sun's last gasps, and Oracle could not thwart Google's clean-room implementation of a Java runtime for Android -- its apparent true goal -- copyright always seemed like a Hail Mary affair in the Java case."

Gardner believes the Supreme Court should hear this case, because of the opportunity it presents to settle some important questions. "The U.S. Supreme Court could now use this case to make some bold and needed determinations about real-world software use, and modernize and bring clarity to its common sense rights and extension," he said. "That would bring long-needed improvement to the software intellectual property morass, and could quickly jump-start software innovation and remove the cloud of uncertainty over software ownership and rights in general."

As I said, I believe that the question of whether foundational code can be copyrighted is worthy of consideration by the high court -- or rather, a high court. I'm not so sure about this one. Our judiciary, in general, isn't tech savvy enough. The striking exception of U.S. District Judge William Alsup, who felt that it was so important to understand the technologies involved in the Oracle v. Google case that he actually learned to write Java, makes his peers look like Luddites. And most of the members of our current high court are decades behind the times. According to the AP, a relatively tech-savvy Supreme Court Justice Elena Kagan has said her fellow justices don't even use e-mail.


Posted by John K. Waters on 10/17/2014 at 1:05 PM

JavaOne Wrap-Up: Top Third-Party Product Announcements

Oracle and the Java community made relatively few new announcements at the annual JavaOne conference last week, but a number of Java vendors did. Three announcements from local companies stood out for me at this year's show:

Hazelcast, the Palo Alto, Calif.-based provider of an open-source, In-Memory Data Grid (IMDG) solution by the same name, made big news at the show with the launch of its JCache implementation. Hazelcast 3.3.1 JCache, which is the JCache-compatible version of Hazelcast, is now drop-in "pin compatible" with Oracle's Coherence IMDG and Ehcache. Hazelcast CEO Greg Luck wrote the latter, which is one of the most widely used open-source Java caching solutions. Luck is also a co-author of the JCache spec, along with Brian Oliver, who architected Oracle Coherence. Coherence, Ehcache, and Hazelcast are the only JCache implementations currently available.

The JCache project was the longest running Java specification request (JSR) in the history of Java and the Java Community Process (JCP) until it earned approval in March. JSR-107, the spec request for Java Temporary Caching API, specified the semantics for the temporary, in-memory caching of Java objects. The JSR languished for years until Terracotta and Oracle began funding it recently. Terracotta is probably best known for its commercial development of Ehcache.

Mountain View, Calif.-based Coverity launched the free beta of its new cloud-based service for Java developers at the show. The new Code Spotter service, which is built on Coverity's static code analysis platform, is designed to help developers find difficult-to-detect defects in Java code. The service allows Java devs to upload their source code to the cloud, where it is analyzed for known issues in Java code bases, such as resource leaks, race conditions, concurrency issues, and null pointer dereferences. With this new service, the company is "democratizing access" to its testing solution, the company said.

Coverity, which is a subsidiary of Synopsys, launched a "developer-first security" effort last year, during which it began promoting the idea of putting security into the hands of developers. In January, the company released a new version of its dev/test platform that provides Java developers with expanded coverage for the Open Web Application Security Project's (OWASP) Top 10 and Common Weakness Enumeration (CWE) security vulnerabilities in Java apps. The open-source OWASP identifies 10 of the most critical Web app security risks each year. The CWE is a community project sponsored by the Mitre Corporation to create a catalog of software security vulnerabilities.

Software build and distribution company JFrog launched a new commercial version of its Bintray open-source distro platform at this year's show: Bintray Premium. Bintray, which won a Duke's Choice Award last year, is a cloud platform for developers who want to store, publish, download, promote, and share software. (In other words, all of them.) The San Francisco-based company's commercial version supports "premium repositories," with unlimited storage and downloads, full download stats, access control, and download tracking, among other features.

BTW: The company won a Duke's Choice in 2011 for its Artifactory binary repository manager.

Posted by John K. Waters on 10/07/2014 at 11:45 AM

Ellison Speaks at Oracle OpenWorld

Is it possible that Larry Ellison's decision to step down as CEO of Oracle will mean we actually see more of him? He has made two appearances so far at the annual Oracle OpenWorld conference in San Francisco this week under his new titles of Executive Chairman and Chief Technology Officer. Last year he bailed on his conference keynote to focus on the America's Cup, during which Oracle Team USA was staging an admittedly thrilling comeback. Attendees who traveled from ... well, everywhere ... and paid to see the guy were not sympathetic.

Ellison started his afternoon appearance yesterday with what amounted to an apology for his absence last year, and then launched into his familiar get-through-this-and-kill-'em-with-numbers pace. But then he slowed down, joked with the crowd, and worked his way amiably through a couple of demos.

"Because of my new job as CTO, I gotta do my demos by myself," he said. "Almost nobody works for me anymore." He hastily added, "I love my new job, by the way."

Maybe it was the V-neck sweater and slacks, but Ellison seemed to relax into his promised drill down on Oracle's platform-as-a-service (PaaS) offering. During his demo, he showed how users could migrate an on-premises Java application to Oracle's cloud database and WebLogic server. It took a bit more than the "push of a button" he'd talked about during his Sunday keynote opener, but not much.

Oracle continues to bet big (if a bit behind the competition) on the cloud. On Sunday, Ellison touted his company's upgraded cloud platform as an all-in-one environment for running apps and data, and for building out new apps as customers move to the cloud. The Oracle offering includes a "massively upgraded" PaaS featuring Oracle Database 12c; infrastructure-as-a-service (IaaS); and rapidly growing software-as-a-service (SaaS). The company claims to have picked up more than 2,100 new SaaS customers over the past year. "We have by far the largest portfolio of cloud applications of anybody," Ellison declared. "We built a lot more in 2014. We bought a lot more in 2014. We definitely had a build-and-buy strategy."

Ellison sounded like his old trash-talking self on Sunday as he took swipes at the competition, including SAP, Amazon, Workday, and Salesforce.com. He singled out SAP, which recently bought Concur Technologies, a travel and expense software provider, in a deal worth $8.3 billion. He focused on the company's Hana in-memory computing platform.

"I'm going to try to be nice," Ellison said. "But it's so hard. I have no idea what runs on Hana. It's rude but it's the truth. And it's kinda funny. What cloud? Let's just talk about Earth."

He also took a shot at Salesforce.com. Oracle is the only cloud vendor that "lets you use the same platform it builds on to extend cloud apps," he said, while Salesforce.com uses the Oracle platform to build its apps, and then relegates its customers to extending apps with its proprietary Force.com and Salesforce1 platforms. Still, he allowed that Salesforce "is the best of the rest, because at least they have a platform. The other guys… they don't even have a platform. It's missing in action."

Hard to believe Ellison is now 70 years old, and even harder to imagine the hyper-competitive exec slowing down. Forbes just published its annual list of the 400 Wealthiest Americans, and Ellison came in third, behind Warren Buffett (second) and Bill Gates (first), and just ahead of the Koch brothers. What do retirees do when they're worth $47.6 billion?

Of course, Ellison isn't retiring, is he? There's a reason we're not hearing much "end of an era" talk around his move. He's not actually leaving the company he co-founded. He's not even stepping away from day-to-day involvement in the company's operations. He'll be free of some responsibilities; Safra Catz will continue to look after manufacturing, finance, and legal operations, and Mark Hurd will continue managing the company's sales, service, and global business units. But Ellison is now head of engineering and product development, so he'll still be working with Hurd and Catz -- my guess is, closely.

I asked OpenWorld attendees what they thought about Ellison's decision to step down from the big chair. Several said they thought it was a smart move that freed Ellison from some responsibilities without reducing his influence. "Let's face it, how would a person who is both the CTO and Chairman of the Board of a tech company not tell the CEOs where the company is going or should go?" said attendee Keith Gapol, IT associate at Agilent Technologies. "He will still be driving the development direction of the company."

I also heard comments like this one from an attendee from the UK: "Oof! I've had enough of that man!"

Most of the people I talked to were unfazed by the Oracle executive shuffle. A developer who flew in for the event from Boston summed up what I found in my unscientific survey to be the prevailing opinion: "I don't think it'll make that much of a difference," he said. "I mean, he's not really going anywhere, is he?"

Posted by John K. Waters on 10/01/2014 at 2:08 PM

JavaOne 2014 Preview: NetBeans Day, IoT and Rock 'n' Roll

It's time again for the annual JavaOne gathering of Java jocks in San Francisco for a week of drink…I mean, learning and networking. I kid, but that's because the anxiety over how well this touchstone event would weather its assimilation by Oracle OpenWorld has largely dissipated. For all intents and purposes, JavaOne continues to survive with its identity intact.

The primary venues for this year's event, which runs from Sept. 28 through Oct. 2, are the Hilton San Francisco Union Square and the Parc 55 Wyndham, but some related events are scheduled for the Nikko Hotel. (My feet ache already.) The annual Strategy Keynote is set for Sunday afternoon at the north hall of the Moscone Center, the event's former home. The usual suspects will be on hand: Georges Saab, Peter Utzschneider, Cameron Purdy, and John Duimovich. Mark Reinhold will again give the Technical Keynote. The Community Keynote is set for Thursday morning.

I'm especially excited about the NetBeans Community Day 2014 (Sunday, September 28), which throws a spotlight on one of the least talked about and yet most popular Java IDEs. Rather than individual presenters, the NetBeans Day sessions will take the form of moderated panels of experts, including some genuine Java rockstars. The father of Java himself, James Gosling, will be there, moderating a panel focused on how they use the editors, debuggers, and profilers from NetBeans (which Gosling has called his favorite IDE) to program and interact with devices. (Expect some insights into Gosling's recent passion: sea-going robots.)

NetBeans Community Day has a lineup of six panel sessions offering real-world stories and demos of NetBeans' new features in action, presentations about developing Java EE apps with Maven, talks about working with free Java tools, and a discussion about teaching with free Java tools. Session presenters include speakers from Jelastic, ZeroTurnaround, Codename One, VMware, QAware, Boeing, Kodewerk and JClarity, among others.

Among the rumored announcements I'm the most curious about is some news expected from the Eclipse Foundation about an Open IoT Stack for Java. The Foundation has been working for a couple of years now on its Internet of Things initiative, first focusing on M2M, and then expanding to include the broader IoT. The Foundation will have a booth at this year's show, where reps will be demoing some of the projects from that initiative, Ian Skerrett promised in a recent blog post. He also listed a number of Eclipse-related talks scheduled for this year's show. Lots of IoT stuff in there, but also Java 8, JavaFX, Eclipse Luna, the cloud and Java EE.

If you needed proof that IoT has graduated from buzzword to serious software category, look no further than all the sessions in the JavaOne IoT track. It's a long list, covering topics ranging from OSGi-based architectures to Gosling's robots. Need more? IoT will figure prominently in James Weaver's community keynote on Thursday, he said in a short conference page Q&A. Weaver is a Java developer, author, and consulting member of Oracle's Technical Staff. He has, the post observed, "a passion for Java, rich-client applications, and the Internet of Things (IoT)."

I'm also interested in what I think is a new addition to the conference floor: a Meet the Experts area, which was mentioned in a recent post on the Glassfish blog: The Aquarium. It's described as "a designated space in the JavaHub where most of the Specification Leads will be present at a dedicated time." Could be a mob scene; could be a golden opportunity to get some face time. Oracle's Java EE Evangelists and Heather VanCura from the JCP will also be there.

One obvious advantage of the Oracle connection is the "attendee appreciation" events, which this year include geezer rockers Aerosmith, millennials fav Macklemore and Ryan Lewis, and the Brit band Spacehog.

Remember: learning and networking.

Posted by John K. Waters on 09/24/2014 at 9:21 AM

The Internet of Things Needs Open Source

Ian Skerrett is probably best known for his role at the Eclipse Foundation as vice president of marketing, but for the past two-plus years he's also been leading the Eclipse effort to foster an open-source community around the Internet of Things (IoT).

 "If you look at the Internet today, it's run on open source," Skerrett told me. "Linux, Apache and open standards like HTTP are the building blocks. If we're really going to get an Internet of Things, we need a set of core building blocks that anyone can use to develop commercial or internal solutions." 

Eclipse IoT now includes 15 projects collectively aiming to reduce the complexity of developing IoT/M2M solutions. Most of the Eclipse literature on this initiative uses that "IoT/M2M" label, because machine-to-machine communication is where it all started, and because it continues to be an essential part of IoT. But IoT is more all-encompassing, which, Skerrett says, is what makes developing IoT solutions so challenging.

 "To put together an IoT solution today, you need people who understand gateways and networks, but also enterprise systems, data analytics, integration with ERP or CRM systems," he said. "There's some daunting complexity here, but we know that when you create frameworks and abstraction levels in software, it becomes much easier to put together these types of solutions."

 The mission of the Eclipse IoT initiative is to establish an open IoT/M2M platform that comprises a set of services and frameworks, open-source implementations of standard protocols, and an Eclipse-based IDE for simplifying IoT/M2M development. The current list of projects likely to become part of that platform includes the Paho Project, which provides scalable open-source client implementations of open and standard messaging protocols for IoT/M2M apps. That list also includes several frameworks: Kura, which is a set of Java and OSGi services commonly required for IoT gateways (I/O services, data services, cloud services, networking, etc.); Mihini, which is an open-source framework written in the Lua scripting language; OM2M, an open-source implementation of the ETSI M2M standard; and the Wakaama Project, which will provide a C portable framework for building LWM2M clients and/or servers.

There's also SmartHome (named by Captain Obvious), which is a framework for building smart home solutions; Eclipse SCADA, which the Foundation describes as "a way to connect different industrial devices to a common communication system and post-process, as well as visualize the data to operating personnel;" and the Sandbox LWM2M Server, which provides a Web UI and a REST API to enable interaction with the registered clients. Koneki is an M2M developer tools project that's using Lua as its primary programming language.

 Eclipse IoT's protocol efforts are focused on providing open-source implementations of Message Queuing Telemetry Transport (MQTT), which is designed to connect "physical world devices" and networks with applications and middleware; CoAP (Constrained Application Protocol), which is a protocol specialized for use with constrained nodes and networks; and OMA LightweightM2M (LWM2M), which is an industry standard for device management of M2M/IoT devices.

 A complete list of Eclipse IoT projects is available on the Foundation Web site here.

Even better, Skerrett will give attendees of our upcoming App Dev Trends 2014 Conference in December an in-depth look at the Eclipse IoT initiative and discuss the role of open source in the evolution of the Internet of Things.

Posted by John K. Waters on 09/17/2014 at 10:11 AM

Bugs Are Bad, But So Are Flaws: IEEE Sponsors Center for Secure Design

There's a difference between a bug and a flaw, and an impressive group of software security mavens thinks it's time to pay more attention to the latter. To shift some of the industry's focus away from finding implementation bugs and toward identifying common design flaws -- "the Achilles' heel" of security engineering -- the IEEE Computer Society has formed the Center for Secure Design (CSD).

The CSD grew out of a foundational workshop, held in April, which brought together software security experts from industry, academia and government to talk about the problem of secure software design. Among the 10 workshop participants were representatives from Twitter, Google, RSA, Intel and Harvard University.

Gary McGraw, CTO of Cigital, hosted a soirée at the Cantina art bar in San Francisco to launch the CSD and to generate interest in its mission. McGraw was among the original workshop members. "The price of admission was a bag of flaws -- a real bag of flaws -- from your practice," McGraw told attendees. "We dumped them all on the table and picked the tallest 10 piles."

That mission, by the way, is to "gather software security expertise from industry, academia and government" to provide guidance on "recognizing software system designs that are likely vulnerable to compromise" and "designing and building software systems with strong, identifiable security properties." And those 10 piles led to the publication of an inaugural CSD report, "Avoiding the Top 10 Software Security Design Flaws."

McGraw, who is author of numerous books about building secure software, called finding and fixing design flaws "the hardest problem that nobody has solved."

"Software security has grown into a $7 or $8 billion industry, and it's continuing to grow very fast," he told me. "But the field seems to be myopically focused on bugs and hackers. And yet, from a technical perspective, half of the problem is a design problem. We're hoping to shepherd the field in the right direction."

The CSD is part of a larger IEEE cybersecurity initiative launched this year "with the aim of expanding its ongoing involvement in cybersecurity." Jim DelGrosso, principal consultant at Cigital, will serve as the CSD's executive director. One of the problems the group will address, DelGrosso said, is the relative opaqueness of the work being done on design flaws.

"We've known about these things for a decade or three," he told attendees, "and yet the problems persist. We also know that this work is being done, but much of it is being done internally, so it's not available to the public. One of the goals of the CSD is to change that. We want people to stop making these mistakes."

Google information engineer Christoph Kern shared an example of such internal work from his own company, where he has been developing Web application frameworks that make it hard for developers to introduce cross-site scripting bugs. One team that adopted the frameworks saw a marked reduction in their bug-tracker stats. "There's a real connection between bugs and design-level considerations," he said.

Here's the list of initial participants in the Center for Secure Design:

  • Iván Arce, Sadosky Foundation
  • Neil Daswani, Twitter
  • Jim DelGrosso, Cigital
  • Danny Dhillon, RSA
  • Christoph Kern, Google
  • Tadayoshi Kohno, University of Washington
  • Carl Landwehr, George Washington University
  • Gary McGraw, Cigital
  • Brook Schoenfield, Intel/McAfee
  • Margo Seltzer, Harvard
  • Diomidis Spinellis, Athens University of Economics and Business
  • Izar Tarandach, EMC
  • Jacob West, HP

Here are those top 10 security design flaws; each one is fleshed out considerably in the CSD report:

  • Earn or give, but never assume, trust
  • Use an authentication mechanism that cannot be bypassed or tampered with
  • Authorize after you authenticate
  • Strictly separate data and control instructions, and never process control instructions received from untrusted sources
  • Define an approach that ensures all data are explicitly validated
  • Use cryptography correctly
  • Identify sensitive data and how they should be handled
  • Always consider the users
  • Understand how integrating external components changes your attack surface
  • Be flexible when considering future changes to objects and actors
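
Kern's point about frameworks that make cross-site scripting hard to introduce, and the rule above to strictly separate data and control instructions, can be made concrete with a small sketch. This is an added JavaScript example, not Google's framework or code from the CSD report; the names `SafeHtml`, `html`, `escapeText` and `render` are assumptions chosen for illustration.

```javascript
// Added illustration; every name here is hypothetical, not a real framework API.
const minted = new WeakMap(); // SafeHtml instance -> markup, private to this module

class SafeHtml {
  toString() { return minted.get(this); }
}

// Not exported in a real module: the only way to create a value the sink accepts.
function mint(markup) {
  const safe = Object.freeze(new SafeHtml());
  minted.set(safe, markup);
  return safe;
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Untrusted text -> SafeHtml, escaping every HTML metacharacter.
function escapeText(value) {
  return mint(String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]));
}

// Tagged template: the literal parts are developer-written markup (control);
// each interpolated value is data and is escaped unless it is already SafeHtml.
function html(literals, ...values) {
  let out = literals[0];
  values.forEach((value, i) => {
    const parts = Array.isArray(value) ? value : [value];
    out += parts.map((p) => String(minted.has(p) ? p : escapeText(p))).join('');
    out += literals[i + 1];
  });
  return mint(out);
}

// The single output sink refuses plain strings, so a forgotten escape fails
// loudly at the boundary instead of shipping as a latent XSS bug.
function render(response, content) {
  if (!minted.has(content)) throw new TypeError('render() requires SafeHtml');
  response.body = String(content);
  return response;
}

// Constructed sample input standing in for an attacker-controlled comment field.
const comment = '<img src=x onerror="alert(1)">';
const page = html`<ul>${[comment, 'hi & bye'].map((c) => html`<li>${c}</li>`)}</ul>`;
console.log(render({}, page).body);
```

The escaping shown covers HTML text and quoted attribute values only; URL, script and style contexts need their own context-aware encoders.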

Posted by John K. Waters on 09/02/2014 at 6:43 AM
